OAuth Vulnerabilities : Task 7-10 : TryHackMe : 1.2
Room: https://tryhackme.com/r/room/oauthvulnerabilities
What is the flag value after attaching the attacker's account with the victim's account?
What parameter name does the client application include in the authorization request to avoid CSRF attacks?
What symbol separates the access token from the OAuth 2.0 implicit grant flow URL?
Visit the URL http://coffee.thm:8080/flagvalidator/ and enter the access token you acquired. What is the flag value?
Which of the following has been omitted from OAuth 2.1?
a) Implicit Grant
b) Authorization Code
c) Tokens
d) State